privecsg ecsg 1 IEEE 802 EC Privacy Recommendation Study Group October 22 nd, 2014, Conference Call Juan Carlos Zuniga, InterDigital Labs (EC SG Chair)
privecsg ecsg 2 Conference Call Details Wednesday, October 22 nd, 2014, 10:00-11:00am EDT WebEX: –Meeting Number: –Meeting Password: privecsg –To join this meeting (also from mobile devices): 1. Go to 2. If requested, enter your name and address. 3. If a password is required, enter the meeting password: privecsg 4. Click "Join". 5. Follow the instructions that appear on your screen. –To view in other time zones or languages, please click the link: – 3fhttps://premconf.webex.com/premconf/j.php?MTID=m69eeefb6a5dcb21539c0919c591c07 3f Teleconference information –Show global numbers: –Attendee access code:
privecsg ecsg 3 Participants, Patents, and Duty to Inform All participants in this meeting have certain obligations under the IEEE-SA Patent Policy. Participants [Note: Quoted text excerpted from IEEE-SA Standards Board Bylaws subclause 6.2]: –“Shall inform the IEEE (or cause the IEEE to be informed)” of the identity of each “holder of any potential Essential Patent Claims of which they are personally aware” if the claims are owned or controlled by the participant or the entity the participant is from, employed by, or otherwise represents “Personal awareness” means that the participant “is personally aware that the holder may have a potential Essential Patent Claim,” even if the participant is not personally aware of the specific patents or patent claims –“Should inform the IEEE (or cause the IEEE to be informed)” of the identity of “any other holders of such potential Essential Patent Claims” (that is, third parties that are not affiliated with the participant, with the participant’s employer, or with anyone else that the participant is from or otherwise represents) The above does not apply if the patent claim is already the subject of an Accepted Letter of Assurance that applies to the proposed standard(s) under consideration by this group Early identification of holders of potential Essential Patent Claims is strongly encouraged No duty to perform a patent search
privecsg ecsg 4 Patent Related Links All participants should be familiar with their obligations under the IEEE-SA Policies & Procedures for standards development. Patent Policy is stated in these sources: –IEEE-SA Standards Boards Bylaws –IEEE-SA Standards Board Operations Manual Material about the patent policy is available at – If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at or visit This slide set is available at
privecsg ecsg 5 Call for Potentially Essential Patents If anyone in this meeting is personally aware of the holder of any patent claims that are potentially essential to implementation of the proposed standard(s) under consideration by this group and that are not already the subject of an Accepted Letter of Assurance: –Either speak up now or –Provide the chair of this group with the identity of the holder(s) of any and all such claims as soon as possible or –Cause an LOA to be submitted
privecsg ecsg 6 Other Guidelines for IEEE WG Meetings All IEEE-SA standards meetings shall be conducted in compliance with all applicable laws, including antitrust and competition laws. Don’t discuss the interpretation, validity, or essentiality of patents/patent claims. Don’t discuss specific license rates, terms, or conditions. –Relative costs, including licensing costs of essential patent claims, of different technical approaches may be discussed in standards development meetings. Technical considerations remain primary focus Don’t discuss or engage in the fixing of product prices, allocation of customers, or division of sales markets. Don’t discuss the status or substance of ongoing or threatened litigation. Don’t be silent if inappropriate topics are discussed … do formally object See IEEE-SA Standards Board Operations Manual, clause and “Promoting Competition and Innovation: What You Need to Know about the IEEE Standards Association's Antitrust and Competition Policy” for more details.
privecsg ecsg 7 Resources – URLs Link to IEEE Disclosure of Affiliation – Links to IEEE Antitrust Guidelines – guidelines.pdfhttp://standards.ieee.org/resources/antitrust- guidelines.pdf Link to IEEE Code of Ethics – ethics.htmlhttp:// ethics.html Link to IEEE Patent Policy –
privecsg ecsg 8 Agenda Welcome Chair's slides –IEEE Slides –Call meeting to order Group’s updates –802c PAR –IETF MAC address randomization trial status – wiki page Technical Topics 1.Threat Model for Privacy at Link Layer 2.Privacy Issues at Link Layer 3.Proposals regarding functionalities in IEEE 802 protocols to improve Privacy 4.Proposals regarding measuring levels of Privacy on Internet protocols 5.Implications of MAC address changes 6.Other Next Steps
privecsg ecsg 9 Business#1 Call Meeting to Order –Meeting called to order by chair at Minutes taker – Roll Call NameAffiliationNameAffiliation Juan Carlos Zuniga (Chair) InterDigitalPiers O’HanlonOxford Internet Institute Mathieu CuncheINRIAWalter PienciakIEEE-SA Antonio de la OlivaUC3MKaren RandallRandall-Consulting Dan HarkinsAruba NetworksMax RiegelNSN Paul LambertMarvellDan RomascanuAvaya Soo Bum LeeQualcommRene StruikStruik Security Consultancy Robert MoskowitzVerizonBrian WeisCisco
privecsg ecsg 10 Business#2 Agenda bashing – Approval of minutes – Reports –Group’s updates 802c PAR IETF MAC address randomization trial status – wiki page
privecsg ecsg 11 IEEE 802c PAR Local space MAC address usage –Claiming protocol without a server Client generates a proposed address and initiates a claim, waits for response and uses address if no conflict detected –Proposed address might have a set value for the first X bits and a randomly generated value for the remaining [48-X] EC SG Privacy considerations –Is there a minimum number of bits required for a WiFi deployment with random MAC addresses? –Do we need to consider co-existence scenarios, e.g. with IoT? –Does the group want to submit PAR comments (potentially late for EC’s deadline)?
privecsg ecsg Trial at IETF meeting Trial IETF Venue –Different SSID (e.g. ietf_Trial_RandMACadd), to be advertised –Separate VLAN, DHCP, Switching and AAA infrastructure –Use only 2.4 GHz infrastructure (b/g/n) –Different credentials needed to join this network Credentials and Wiki –Sign-in page (to keep track of # people, # devices, types of clients, etc.) –Require participants to use specific MACadd tools and setup a DHCP client name/ID per user – to debug and find out potential issues Client –Should follow expected rules for MAC address generation –Should keep track of MAC addresses being used – could help in case of collision or other issues –Should setup DHCP client name DHCP server –Very small lease time for this VLAN –(Later on, a special rule could be added for MACs with local bit set)
privecsg ecsg Protocol Implications of MAC address changes Statistics to be collected –Network # associations in this SSID DHCP logs (MAC, DHCP client ID, time/date) DHCP pool size in time Switch table size in time AAA logs –Client MAC address usage log DHCP client name/ID –Others?
privecsg ecsg MAC address trial - client requirements Wiki page to register participating users Define a set of supplicant clients which can: –Generate a MAC address within the local domain, with the unicast bit set –Keep a log of used MAC addresses (association/probe?) Ask users to setup DHCP client name/ID and register it in the Wiki page
privecsg ecsg 15 Business#3 Technical presentations –Phillip Barber (Broadband Mobile Tech) Overview of Privacy in IEEE overview-of-privacy-in pptxhttps://mentor.ieee.org/privecsg/dcn/14/privecsg overview-of-privacy-in pptx
privecsg ecsg 16 Business#4 Next steps –Prepare report to the 802 Executive Committee and consider developing a PAR on recommended privacy practices for IEEE 802 protocols –Continue call for proposals to discuss technical topics (1)Threat Model for Privacy at Link Layer (2)Privacy Issues at Link Layer (3)Proposals regarding functionalities in IEEE 802 protocols to improve Privacy (4)Proposals regarding measuring levels of Privacy on Internet protocols (5)Implications of MAC address changes (6)Other…
privecsg ecsg 17 Business#4 Upcoming meetings –November 2-7, 2014, IEEE 802 Plenary meeting in San Antonio, TX, USA (Potential 802c PAR discussion on Monday evening, 21:30) Privacy EC SG – 2 Eve slots: Tuesday and Thursday, 19:30-21: EC plenary – Report SG’s update and request EC for renewal –(other teleconferences TBD - if SG is renewed) –(March 8-13, 2015, IEEE 802 Plenary meeting in Berlin, Germany - if SG is renewed) AOB Meeting adjourned at